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DETAILED ACTION 

1 . The following is a Final Office Action in response to communications received 
06/10/2004. Claims 2-6, 8-14, 16, and 17 have been amended. Claims 1-18 are pending 
in this application. 

Claim Objections 

2. Claims 1,10, and 14 are objected to because they each contain the limitation "the 
control procedured identified by an administrator" which should more appropriately be — 
the control procedures identified by an administrator--. Correction is required in each 
instance. 

3. Claim 10 is also objected to because it contains steps a.-c, d., d., e.-i. (i.e. two 
step d.'s are recited). Claim 10 should more appropriately recite steps a.-j. Correction is 
required. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) do not apply to the examination of this application as the application 
being examined was not (1) filed on or after November 29, 2000, or (2) voluntarily 
published under 35 U.S.C. 122(b). Therefore, this application is examined under 35 
U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)). 
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Claims 1-18 are rejected under 35 U.S.C. 102(e) as being anticipated by Higgins 
et al. (U.S. 6,397,202). 

5. As per claim 1, Higgins et al. teaches a method of managing risk with the aid of a 
computer system, said method comprising: 

a. the computer receiving a user selection of risk elements, said risk elements 
being retrieved from a database coupled to said computer (See at least figure 1, 
column 3, lines 30-45, column 4, lines 50-67, column 5, lines 1-15 and 27-50, 
wherein the user selects and manipulates risk elements stored in the database of 
the computer); 

b. for each risk element, the computer retrieving one or more predetermined 
control procedures, the control procedures identified by an administrator as a 
means for mitigating said risk element by reducing the likelihood that the risk will 
occur (See at least column 3, lines 27-45 and 57-67, column 4, lines 1-7 and 40- 
60, column 5, lines 1-15, column 6, lines 40-60, and column 7, lines 1-27, 
wherein control procedures that are programmed into the system by an expert and 
are related to the risk factor are identified, these control procedures being means 
to reduce the likelihood that a risk will occur); 

c. the computer associating said one or more predetermined control 
procedures with said risk element, said predetermined control procedures being 
stored in said database (See at least column 3, lines 27-45 and 57-67, column 4, 
lines 1-7 and 40-60, column 5, lines 1-15, column 6, lines 40-60, and column 7, 
lines 1-27, wherein the input risk elements are related to the control procedures); 
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d. the computer retrieving a weight assigned to each one of said 
predetermined control procedures, said weight being stored in said database (See 
at least column 3, Unes 55-60, column 4, lines 1-7, column 5, hues 5-20, and 
column 7, lines 1-20, which discusses weighting the control procedures); 

e. the computer receiving a user selection of a compliance rating for each 
said predetermined control procedure, the rating selected by the user indicating a 
level of compliance with each one of said predetermined control procedures (See 
at least column 3, lines 25-42 and 55-67, column 5, lines 4-20 and 45-60, column 
6, lines 9-40, wherein the computer receives inputs from a user that rate the level 
of compliance of the elements with the control procedure); and 

f the computer calculating a compliance score, each compliance score being 
a function of said assigned weights and said compliance rating of said 
predetermined control procedures (See at least figures 2 and 3 and column 3, lines 
35-60, column 4, lines 1-15 and 42-67, column 5, lines 5-15, and column 7, lines 
1-9 and 15-27, wherein the computer uses the expert system to calculate a score 
which is a function of the weights and ratings supplied). 
6. As per claim 2, Higgins et al. teaches a method wherein said compliance ratings 
comprise at least one rating identifying a non-fiiUy compliant control procedure, said 
method further comprising the steps of: 

a. for each said control procedure having a non- fully compliant rating, the 
computer receiving a user generated signal indicating whether said non-fuUy 
compliant control procedure is accepted or not accepted (See at least column 4, 
lines 1-15 and 65-67, column 5, lines 1-10, column 6, lines 1-25 and 60-67, 
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wherein the user generates a signal indicating that certain control procedures have 
unacceptable compliance ratings); and 

b. for each of said non-fully compliant control procedure which is indicated 
as not accepted, requiring the user to provide signals for generating an action plan 
(See at least column 4, lines 1-15 and 65-67, column 5, lines 1-10, column 6, lines 
1-25 and 60-67, wherein the user generates a signal changing inputs and weights 
previously associated with a control procedures to create a new plan for 
measurement). 

7. As per claim 3, Higgins et al. teaches a method wherein said action plan includes 
a target date, said method further comprising the step of the computer calculating an 
expected compliance score for one or more future dates based on said action plan target 
dates (See at least figures 2 and 3 and column 3, lines 35-60, colunm 4, lines 1-15 and 
42-67, column 5, lines 5-15 and 30-55 and column 7, lines 1-9 and 15-27, wherein the 
computer uses the expert system to calculate a score for a future date which is a function 
of weights, ratings, and dates). 

8. As per claim 4, Higgins et al. discloses a method further comprising the step of 
the computer tracking whether said expected compliance scores have been met, said 
tracking including calculating actual compliance scores for said target dates (See at least 
figures 2 and 3, column 1, lines 15-20, column 3, lines 30-65, column 5, lines 35-55, 
column 6, lines 60-67, wherein actual versus predicted are monitored). 

9. As per claim 5, Higgins et al. discloses a method further comprising the step of 
the computer displaying said expected compliance scores versus said actual compUance 
for the target dates (See figure 2 and column 5, lines 25-57, that teaches such a display). 
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10. As per claim 6, Higgins et al. teaches a method further comprising the step of the 
computer associating one or more parameters with each said comphance rating (See at 
least column 3, lines 25-42 and 55-67, column 5, lines 4-20 and 45-60, column 6, lines 9- 
40, wherein the compliance rating is associated with parameters). 

11. As per claim 7, Higgins et al. teaches a method wherein said one or more 
parameters are selected from the group comprising organization, business line, process, 
and region (See column 3, lines 55-60, column 6, lines 10-40, which disclose 
organization parameters like staffing). 

12. As per claim 8, Higgins et al. teaches a method fiirther comprising the step of the 
computer sorting said compliance scores by said one or more parameters (See at least 
figure 3, column 3, lines 30-60, column 4, lines 44-60, column 5, lines 15-22 and 40-67, 
column 6, lines 1-20, wherein values are input and stored and organized according to the 
parameter of risk to which the values are associated). 

13. As per claim 9, Higgins et al. discloses a method fiirther comprising the step of 
the computer displaying said sorted compliance scores (See at least figures 2 and 3 and 
column 3, lines 30-55, which discloses a visual output). 

14. As per claim 10, Higgins et al. teaches a method of managing risk with the aid of 
a computer system, said method comprising: 

a. the computer receiving a user selection of risk elements, said risk elements 
being retrieved from a database coupled to said computer (See at least figure 1, 
column 3, lines 30-45, column 4, lines 50-67, column 5, lines 1-15 and 27-50, 
wherein the user selects and manipulates risk elements stored in the database such 
as schedule risk); 
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b. the computer identifying one or more subrisk elements associated with 
each said risk elements, each subrisk element being retrieved from said database 
(See at least figure 1, column 3, lines 30-60, column 4, lines 1-15 and 50-67, 
column 5, lines 1-15 and 27-50, and column 6, lines 1-17, 20-35, and 49-54, 
wherein the subrisk elements are associated with the risk, such as staffing levels 
being associated with schedule risk); 

c. for at least one subrisk element, the computer retrieving one or more 
predetermined control procedures, the control procedures identified by an 
administrator as a means for mitigating said risk element by reducing the 
likelihood that risk will occur (See at least column 3, lines 27-45 and 57-67, 
column 4, lines 1-7 and 40-60, column 5, Unes 1-15, column 6, lines 40-60, and 
column 7, lines 1-27, wherein the input risk elements are related to the control 
procedures); 

d. the computer associating said one or more control procedures with said 
risk element, said control procedures being stored in said database (See at least 
column 3, lines 27-45 and 57-67, column 4, lines 1-7 and 40-60, colunrn 5, lines 
1-15, column 6, lines 40-60, and colunm 7, lines 1-27); 

e. the computer retrieving a weight assigned to each one of said 
predetermined control procedures, said weight being stored in said database (See 
at least column 3, lines 55-60, column 4, lines 1-7, column 5, lines 5-20, and 
column 7, lines 1-20, which discusses weighting the control procedures); 

f. the computer receiving a user selection of a compliance rating for each 
said predetermined control procedure, said compliance ratings including a 
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plurality of categories including at least one category indicating said control 
procedure is not fully compliant (See at least column 3, lines 25-42 and 55-67, 
column 5, lines 4-20 and 45-60, column 6, lines 9-40, wherein the computer 
receives inputs from a user that rate the level of compliance of the elements with 
the control procedure); 

g. the computer calculating a compliance score, said compliance score being 
a function of said assigned weights and said compliance rating of said control 
procedures (See at least figures 2 and 3 and column 3, lines 35-60, colunm 4, Hues 
1-15 and 42-67, column 5, lines 5-15, and column 7, lines 1-9 and 15-27, wherein 
the computer uses the expert system to calculate a score which is a function of the 
weights and ratings supplied); 

h. for each subrisk, the computer determining whether at least one control 
procedure associated with said subrisk is not fully compliant (See at least column 
4, lines 1-15 and 65-67, column 5, lines 1-10, column 6, lines 1-25 and 60-67, 
wherein the user generates the computer indicates that a subrisk is not compliant); 

i. for each subrisk associated with at least one control procedure which is not 
fully compliant, the computer receiving a signal from the user indicating whether 
said subrisk should be accepted or not accepted (See at least column 4, lines 1-15 
and 65-67, column 5, lines 1-10, column 6, lines 1-25 and 60-67, wherein the user 
generates a signal indicating that certain control procedures have unacceptable 
compliance ratings); and 

j. for each subrisk which is indicated as not accepted, the computer 
generating an action plan (See at least column 4, lines 1-15 and 65-67, column 5, 
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lines 1-10, column 6, lines 1-25 and 60-67, wherein the user generates a signal 
changing inputs and weights previously associated with a control procedures to 
create a new plan for measurement). 

15. As per claim 11, Higgins et al. teaches a method wherein said action plan further 
includes a target date, said method further comprising the step of the computer 
calculating a future compliance score based on said action plan target dates (See at least 
figures 2 and 3 and column 3, lines 35-60, column 4, lines 1-15 and 42-67, column 5, 
lines 5-15 and 30-55 and column 7, lines 1-9 and 15-27, wherein the computer uses the 
expert system to calculate a score for a future date which is a function of dates). 

16. As per claims 12 and 13, claim 12 and 13 contain equivalent limitations to claims 
6 and 8, respectively, and are therefore rejected using the art and rationale relied upon in 
the rejection of claims 6 and 8, respectively. 

17. As per claim 14, Higgins et al. teaches a method of forecasting risk with the aid of 
a computer system, said method comprising: 

a. the computer identifying a set of risk elements, said risk elements being 
stored in a database coupled to said computer (See at least figure 1, column 3, 
lines 30-45, column 4, lines 50-67, column 5, lines 1-15 and 27-50, wherein the 
user selects and manipulates risk elements stored in the database of the computer); 

b. for at least one risk element, the computer retrieving one or more 
predetermined control procedures, the control procedures identified by an 
administrator as a means for mitigating said risk element by reducing the 
likelihood the risk will occur (See at least column 3, lines 27-45 and 57-67, 
column 4, lines 1-7 and 40-60, column 5, lines 1-15, column 6, lines 40-60, and 
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column 7, lines 1-27, wherein control procedures that are programmed into the 
system by an expert and are related to the risk factor are identified, these control 
procedures being means to reduce the likelihood that a risk will occur); 

c. the computer associating said one or more control procedures with said 
risk element, said control procedures being stored in said database (See at least 

' column 3, lines 27-45 and 57-67, colunm 4, lines 1-7 and 40-60, column 5, lines 
1-15, column 6, lines 40-60, and column 7, lines 1-27, wherein the input risk 
elements are related to the control procedures); 

d. the computer retrieving a weight assigned to each one of said 
predetermined control procedures, said weight being stored in said database (See 
at least column 3, lines 55-60, column 4, lines 1-7, column 5, lines 5-20, and 
column 7, lines 1-20, which discusses weighting the control procedures); 

e. the computer receiving a user selection of a compliance rating for each 
said predetermined control procedure, said compliance rating chosen from a set of 
ratings including at least one rating identifying a non-fiiUy compliant control 
procedure and at least one rating identifying fiiUy compliant control procedures 
(See at least column 3, lines 25-42 and 55-67, column 5, lines 4-20 and 45-60, 
column 6, lines 9-40, wherein the computer receives inputs from a user that rate 
the level of compliance of the elements with the control procedure); 

f for each said control procedure having a non-fuUy compliant rating, the 
user employing the computer to generate an action plan, said action plan 
including a target date for at least one action listed therein (See at least column 4, 
lines 1-15 and 65-67, column 5, lines 1-10, column 6, lines 1-25 and 60-67, 
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wherein the user generates a signal changing inputs and weights previously 
associated with a control procedures to create a new plan for measurement); and 
g. the computer calculating an expected compliance score for a future date, 
said expected compliance score being a function of said assigned weights, said 
fully compliant control procedures, and said action plan target dates for said non- 
fliUy complaint control procedures (See at least figures 2 and 3 and column 3, 
lines 35-60, column 4, lines 1-15 and 42-67, column 5, lines 5-15 and 30-55 and 
column 7, lines 1-9 and 15-27, wherein the computer uses the expert system to 
calculate a score for a future date which is a function of weights, ratings, and 
dates). 

18. As per claim 15, Higgins et al. teaches a method wherein said action plan 
comprises a signal indicating whether said non-fully compliant rating is accepted or not 
accepted, said expected compHance score further being a function of said non-fully 
compliant ratings which have been accepted^See at least column 4, lines 1-15 and 65-67, 
column 5, lines 1-10, column 6, lines 1-25 and 60-67, wherein the user generates a signal 
indicating that certain control procedures have unacceptable compliance ratings). 
18. As per claim 16, Higgins et al. teaches a data processing system for managing 
risk, said system comprising 

a. a database (See at least figure 1, column 3, lines 30-45, column 4, lines 
50-67, column 5, lines 1-15 and 27-50, wherein a database is discloed); 

b. a processor coupled to said database, said processor being programmed to 
perform the steps comprising (See at least figure 1, column 4, lines 40-60, column 
5, lines 35-55): 
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i. the computer receiving a first signal identifying a user selection of 
a set of risk elements, said risk elements being stored in said database (See 
at least figure 1, column 3, lines 30-45, column 4, lines 50-67, column 5, 
lines 1-15 and 27-50, wherein the user selects and manipulates risk 
elements stored in the database of the computer); 

ii. the computer receiving a second signal identifying a user selection 
of one or more control procedures associated with each said risk element, 
said control procedure comprising a means to mitigate said risk element, 
said control procedure being stored in said database (See at least column 
3, lines 27-45 and 57-67, column 4, lines 1-7 and 40-60, column 5, lines 1- 
15, column 6, lines 40-60, and column 7, lines 1-27, wherein control 
procedures that are programmed into the system by an expert and are 
related to the risk factor are identified, these control procedures being 
means to reduce the likelihood that a risk will occur); 

iii. the computer receiving a third signal assigning a weight to each 
said control procedure, said weight being stored in said database (See at 
least colunrn 3, lines 55-60, column 4, lines 1-7, colunrn 5, lines 5-20, and 
column 7, lines 1-20, discussing weighting the control procedures); and 

V. the computer calculating a comphance score, said compliance 
score being a fijnction of said assigned weights and said compliance rating 
of said control procedures (See at least figures 2 and 3 and column 3, lines 
35-60, column 4, lines 1-15 and 42-67, column 5, lines 5-15 and 30-55 
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and column 7, lines 1-9 and 15-27, wherein the computer uses the expert 
system to calculate a score which is a function of weights and ratings). 
1 9. As per claim 1 7, Higgins et al. teaches a data processing system wherein said 
compliance ratings comprise at least one rating identifying a non-fully compliant control 
procedure, said processor being further programmed to perform the steps comprising: 

a. for each said control procedure having a non-fully compliant rating, the 
computer receiving a signal indicating whether said non-fliUy compliant rating is 
accepted or not accepted (See at least column 4, lines 1-15 and 65-67, column 5, 
lines 1-10, column 6, lines 1-25 and 60-67, wherein the user generates a signal 
indicating that certain control procedures have unacceptable compliance ratings); 

b. for each said non-fully compliant control procedure which is indicated as 
not accepted, the computer receiving an action plan, said action plan including an 
expected target date for implementation and an expected compliance rating (See 
at least column 4, lines 1-15 and 65-67, column 5, lines 1-10, column 6, lines 1-25 
and 60-67, wherein the user generates a signal changing inputs and weights 
previously associated with a control procedures to create a new plan for 
measurement); and 

c. the computer generating one or more future expected compliance scores, 
said compliance scores being a function of said target dates, said assigned 
weights, and said expected compliance rating of said control procedures (See at 
least column 5, lines 25-55, and column 7, lines 20-30, wherein future scores are 
determined). 
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20. As per claim 18, Higgins et al. teaches a data processing system further 
comprising a computer display coupled to said processor, said processor further being 
programmed to display said compliance scores on a computer display (See at least figures 
2 and 3 and column 3, Hnes 30-55, which discloses a visual output). 

Response to Arguments 

21 . Apphcant's arguments with respect to claims 1-18 have been considered but are 
moot in view of the new grounds of rejection, as necessitated by amendment. 

Conclusion 

Applicant's amendment necessitated the new grounds of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Apphcant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS fi-om the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated fi-om the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS fi-om the date of this final action. 

Any inquiry concerning this conununication or earlier communications from the 
examiner should be directed to Beth Van Doren whose telephone number is (703) 305- 
3882. The examiner can normally be reached on M-F, 8:30-5:00. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tariq Hafiz can be reached on (703) 305-9643. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center /EBC) at 866-217-9197 (toll-free). 

J/wd 

bvd 

September 3, 2004 
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